Tuesday, January 25, 2011
Virus Name: Trojan-Dropper:W32/Stuxnet (Remove Manually)
Name: Trojan-Dropper:W32/Stuxnet
Category: Malware
Type: Rootkit
Platform: W32
Detection Names: Rootkit:W32/Stuxnet, Exploit:W32/WormLink
C:\WINDOWS\system32\drivers\MRXCLS.sys --> Rootkit.Stuxnet.A
--> HKLM\System\ControlSet002\Enum\Root\LEGACY_MRXCLS
--> HKLM\System\ControlSet002\services\MRxCls\"ImagePath"
C:\WINDOWS\system32\drivers\MRXNET.sys --> Rootkit.Stuxnet.A
--> HKLM\System\ControlSet002\Enum\Root\LEGACY_MRXNET
--> HKLM\System\ControlSet002\services\MRxNet\"ImagePath"
First Turn Off Autorun: Manual Removal Using IS2010
• Right-click My Computer > Properties > Hardware > Device Manager:
- Go to View > Show Hidden Devices
- Go to Non-Plug and Play Drivers
• Disable both MRXNET and MRXCLS.
Manual Removal Instructions
• Delete the following Registry Keys:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxCls
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxNet
• Delete the following files:
1. %windir%\inf\mdmcpq3.PNF
2. %windir%\inf\mdmeric3.PNF
3. %windir%\inf\oem6C.PNF
4. %windir%\inf\oem7A.PNF
5. %windir%\system32\drivers\mrxcls.sys
6. %windir%\system32\drivers\mrxnet.sys
• Turn off AutoPlay on all drives (for more details, see http://support.microsoft.com/kb/967715).
• Reboot the system.
• Clean the malware components from the infected USB thumb drive:
1. Open Command Prompt
2. Change drive to USB drive
3. Run command "del *.lnk"
4. Run command "del *.tmp"
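
To confirm which of the artifacts listed above are present before cleanup, and that none remain after the reboot, the following read-only PowerShell check can be run from an elevated prompt. It is an added example, not part of the original post or of any vendor tool; the variable names are illustrative, and walking every ControlSetNNN key is an assumption made because the detections above point at ControlSet002 while the removal steps name CurrentControlSet.

```powershell
# Added example: read-only presence check for the Stuxnet artifacts listed on this page.
# It deletes and changes nothing; it only reports what the running system shows.

# File paths from the "Delete the following files" list, relative to %windir%.
$files = @(
    'inf\mdmcpq3.PNF', 'inf\mdmeric3.PNF', 'inf\oem6C.PNF', 'inf\oem7A.PNF',
    'system32\drivers\mrxcls.sys', 'system32\drivers\mrxnet.sys'
)
# Driver service names from the registry keys on this page.
$services = @('MRxCls', 'MRxNet')

$found = @()

foreach ($rel in $files) {
    $path = Join-Path $env:windir $rel
    # -Force includes files carrying the hidden or system attribute.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $found += [pscustomobject]@{
            Kind = 'File'; Location = $item.FullName
            Detail = "$($item.Length) bytes, last written $($item.LastWriteTime)"
        }
    }
}

# Assumption: check CurrentControlSet and every ControlSetNNN, since a stale
# control set can still hold the service keys (the detections list ControlSet002).
$controlSets = Get-ChildItem -Path 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^(CurrentControlSet|ControlSet\d{3})$' }

foreach ($cs in $controlSets) {
    foreach ($svc in $services) {
        $svcKey  = "HKLM:\SYSTEM\$($cs.PSChildName)\Services\$svc"
        $enumKey = "HKLM:\SYSTEM\$($cs.PSChildName)\Enum\Root\LEGACY_$($svc.ToUpper())"
        if (Test-Path -Path $svcKey) {
            $image = (Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue).ImagePath
            $found += [pscustomobject]@{ Kind = 'Service key'; Location = $svcKey; Detail = "ImagePath=$image" }
        }
        if (Test-Path -Path $enumKey) {
            $found += [pscustomobject]@{ Kind = 'Enum key'; Location = $enumKey; Detail = '' }
        }
    }
}

if ($found.Count -eq 0) { 'None of the listed artifacts were found.' }
else { $found | Format-Table -AutoSize -Wrap }
```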
Thank you.